electronic voting: the 2004 election and beyond prof. david l. dill department of computer science...
TRANSCRIPT
Electronic Voting: The 2004 Election and
Beyond
Prof. David L. DillDepartment of Computer Science
Stanford Universityhttp://www.verifiedvoting.org
Role of Elections
Democracy depends on everyone, especially the losers, accepting the results of elections.
“The people have spoken . . . the bastards!” - Dick Tuck concession speech
Levels of Accountability
We often have to trust people, but we rarely trust them without accountability.
Levels of accountability– Can we detect error? – Can we correct it?
Simple error detection is the most condition for trustworthiness.
The DRE Auditing Gap
Screen touches
Recordedvotes
DRE System
?President
Joe BlowPresident
Fred Derf
Any accidental or deliberate flaw in recording mechanism can compromise the election.. . . Undetectably!
Voting is Especially Hard
Unlike almost every other secure system, voting must discard vital information: the connection between the voter and the vote.
Summary of Technical Barriers
It is currently (practically) impossible to create trustworthy DREs because:
• We cannot eliminate program bugs.• We cannot prevent software and
hardware from being subverted (especially by the designers).
• We cannot verify that the desired software is running on the computer.
“We’ve never had a proven case of vote fraud on DREs”
• Votes have definitely been lost due to bugs (Wake County, NC, 2002).
• Fraud has never been investigated.• Candidates don’t bother asking for recounts
They just get “reprints”
• Danger and motivation increases with number of DREs (twice as many votes this election than 2002).
• Applications with much more security and lower stakes have had sophisticated fraud (e.g., gambling).
Voter Verifiable Audit Trail
• Voter must be able to verify the permanent record of his or her vote (i.e., ballot).
• Ballot is deposited in a secure ballot box.– Voter can’t keep it because of
possible vote selling.• Under normal conditions, paper ballots
should be considered more reliable than electronic records.
This closes the auditing gap.
Options for Voter Verifiable Audit Trails
• Manual ballots with manual counts.• Optically scanned paper ballots.
– Precinct-based optical scan ballots have low voter error rates.
• Touch screen machines with voter verifiable printers.
• Other possibilities (unproven! ).– Other media than paper?– Cryptographic schemes?
For now, paper is the only proven option.
November, 2004
We’ve done what we can to get paper. In the short term, we’re focusing on other initiatives.
• TechWatch– Computer-literate volunteers to observe election.– They will observe & document pre-election testing.– They will observe election (often as poll workers) &
vote counting
• Election Scorecard– Questions about basic “best practices” related to
election security– Working with Brennan Center, Leadership
Conference on Civil Rights, Center for American Progress, others.
Election Incident Reporting System
• Online capture of election incident reports.• The Verified Voting Foundation is partnered
with CPSR for SW development.• Reports will be entered by Election Protection
Coalition (60+ member organizations).• Hotline 1-866-OUR-VOTE
– Anyone else can enter a report as well
• Goals– Deal with incidents in real-time, when possible– Collect knowledge on how elections really work.
The Big Risk
All elections conducted on DREs are open to question.
www.verifiedvoting.org
More information is available at our website.